SQL Injection Vulnerability in Wikimedia Foundation Mediawiki Cargo Extension
CVE-2026-14363
6.9MEDIUM
What is CVE-2026-14363?
A vulnerability in the Wikimedia Foundation's Mediawiki Cargo Extension allows for improper neutralization of special elements used in SQL commands, leading to potential SQL injection attacks. This weakness can be exploited to manipulate database queries, which may reveal sensitive information or alter database contents. If you are using versions prior to 1.43.9, 1.44.6, or 1.45.4, it is crucial to patch your systems to mitigate the risks associated with this vulnerability.
Affected Version(s)
Mediawiki - Cargo Extension * < 1.43.9,1.44.6,1.45.4
